CISA Adviser Hits Cloud Industry for Charging Extra for Baseline Cybersecurity
A member of the Cybersecurity and Infrastructure Security Agency’s new advisory committee said cloud service providers should not be allowed to charge the government extra for baseline security features that are expected of them in the first place. Alex Stamos, who is also a partner at the Krebs Stamos Group, added that it is “immoral” for companies to demand more money for basic services but lamented that it is not new for cloud companies to upsell their services, Nextgov reported Tuesday.
Stamos raised the issue Friday during the newly formed committee’s first meeting, which focused on how to turn the corner on cybersecurity hygiene. The aftermath of the SolarWinds event highlighted challenges in tracing the attackers’ steps, challenges associated with logging capabilities being tied to higher-cost licenses at Microsoft.
Stamos, a computer scientist and an adjunct professor at Stanford University’s Center for International Security and Cooperation, said it is not just Microsoft, but “a huge number of cloud companies,” that are trying to charge a premium for baseline services. He stressed that these firms should be “called out and shamed.” He likened the situation to an automobile company that charges extra to put airbags in its cars.
Stamos proposed measures to motivate cloud companies to implement appropriate security measures, ranging from providing tax incentives and protection from liability when they apply best industry practices to enforcing fines when they fail to do so.
For her part, CISA Director Jen Easterly sought recommendations and asked George Stathakopoulos, Apple vice president of corporate information security, to follow up on Stamos’ recommendations. During the discussions, Stamos specifically commended Apple for distancing itself from predatory business practices as they apply in cloud services.